I am developing a desktop client application for an https-protocol based REST API provided by a third party.
I want to test the programmatic communication with the API when the server's certificate is not installed on my local computer. For this, I need to know how to make it mandatory to have the server's computer installed on my computer. Note: the certificate is not self signed, rather it is issued by a CA.
I want to test what errors enterprise users will get when my client application will make the API call to the SSL server in a highly secure enterprise environment where the IT policy is configured to mandatorily require installation of server's certificate on the client's local computer.
Is there such a configuration in Window which makes it mandatory for server certificates installed on local computer, for any API communication? If yes, can someone guide me on the steps for Windows 10 Professional.
Related
We have a simple system with a REST service (WebAPI) that will be hosted on one machine (hosted on IIS on a custom port, port numer 3031) and with a website hosted on another machine that will be talking to the service.
We want both to use SSL, so as I understand we will need to purchase two separate SSL certificates for the production deployment on the Internet.
Does that sound right?
If so, then I don't know how do I request and purchase a certificate for the WebAPI REST service... The service will be hosted on a custom port 3031, should I purchase a normal certificate for the domain name of the machine where the service will be hosted? And then should I basically install the certificate on the IIS on that machine (like it's described here: https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/working-with-ssl-in-web-api).
How will I be able to perform a verification of the domain for the purchased certificate if I'm going to use the certificate for a REST service on a custom port? (not for a regular website).
Apologies for my ignorance, I have searched the forum to find an answer to my issue, but I didn't find one, maybe it's because my very limited knowledge about certificates and security.
We host a website in our company.
A certificate was issued to www.ourdomainname.com from the company IT department.
Now we want to move the website to azure and install the certificate there.
I already exported the certificate with private key exported set to true from the server.
1.) What will happen when the certificate is installed on azure when it is also installed on our company server?
2.) What will happen when the website on our server is stopped in the server and the certificate is then imported to the azure website?
3.) How can I guarantee a soft transition time without any break?
The aim is:
Website on the company server going to be deleted and the website on azure is used instead.
What will happen when the certificate is installed on azure when it is also installed on our company server?
web site will be available via SSL in Azure too.
What will happen when the website on our server is stopped in the server and the certificate is then imported to the azure website?
web site on your server will be inaccessble.
How can I guarantee a soft transition time without any break?
it is more about DNS management. There is no much work with SSL. You just install SSL on both internal and Azure servers, so clients can access both. Test if web site on Azure works the same way as on your internal server. Then point all clients (via DNS) to a web site on Azure. When all clients move and there are no references to internal server, you can safely shutdown it.
The SSL Certificate which was exported from the current server has to be imported in Azure. The format of the certificate has to be PFX.
Now, in the DNS Management , you need to edit the A record for the URL and point it to the IP address of Azure. This will make sure that any request made will be handled by Azure .
I am working with a client who needs SSL on their Email and Web Site.
We have their site hosted on a Rackspace Cloud Site (Wordpress so Apache and all that jazz).
From what I can tell their Email is on an ISS server of their own.
They want to apply this SSL Cert they bought through GoDaddy and apply it to this email server and to the site on our hosting server. Now I am only a Web Developer with enough server knowledge to get sites launched and running, But I don't think you can apply the same SSL Cert on two different types of servers.
What would the solution be for this?
Would you purchase a second ssl? Is that even possible?
Sorry if this is a all completely wrong I am trying to use my limited knowledge of SSL to describe the situation.
I'm pretty sure you can use the same certificate if it's going on two servers as long as they are both using the same domain. You don't need to purchase a second ssl. The tricky part might be if the two servers require different certificate file formats.
Also, just do the CSR part on ONE of the servers (use the one you trust the most). On the other server just install the certificate bypassing the CSR part.
I am creating an EWS service which will connect to the Exchange server 2007. I am using Autodiscover service of Exchange server.I need to understand following:
How can I validate the SSL/TSL certificates for my service.
I need to know conventional way how outlook communicate with Exchange server.
How to Detect the specific certificate is installed for authentication.
I had written the code to connect to the Exchange server.But I am facing issues with the Certificate part.I am totally confused with the proper handshake with help of certificate.
In my code I had used X509Store to get the certificate stores and then validate from the server,but the certificate may differ from server to server (Exchange).Is there any way around.
I would ask for help in this matter.
I work in a software company and we're writing a client-server application (like system of documents circulation). It will be delivered as a complete solution as two distributions: client and server.
One of the requirements is the client and server must exchange information in encrypted form.
We decided to use SSL, but have some questions:
If we use self-signed certificates then we must generate certificate pair on server side, but how does the client know the server certificate? I want to install all required certificates during installation, but the server certificate is defined only on server installation.
If we ship client and server installer with wired server root certificate signed our company certificate in server and client installer - then our company client may create new certificate signed certificate that sign out certificate, that is chain with our company certificate in root - that is bad.
How can we solve this problem?
I want to ship to client 2 distributions: client, server and after installation they may establish secure channel to exchange information and user should not need to install any certificate manually.
Noticeable, this is completely product, we want to sell them to different companies and these companies must have different certificates.